[strongSwan] Equivalent strongswan settings for racoon config
cellkites at hushmail.com
cellkites at hushmail.com
Fri Sep 19 10:36:44 CEST 2014
I am attempting to setup an ikev1 ipsec session with a device for
which the vendor has provided me with the necessary racoon config
however I am having trouble translating this to an equivalent
strongswan config and am hoping someone can point out where i am going
wrong. It's seems fairly straightforward however I am continually
getting the error "no ike config found". Both the initiator and
responder (strongswan) are behind nat however i have forwarded the
necessary ports and tested this works correctly with another
strongswan client (also behind nat) so I am confident that is not the
issue.
This is my racoon config;
path pre_shared_key “/etc/racoon/psk.txt”
_remote anonymous { _
_ exchange_mode main;__ _
_ proposal_check claim;__ _
_ proposal {__ _
_ encryption_algorithm aes;__ _
_ hash_algorithm sha1;__ _
_ authentication_method pre_shared_key;__ _
_ dh_group 2;__ _
_ }__ _
_ generate_policy on;__ _
_ nat_traversal on;__ _
_ peers_identifier user_fqdn “test at test.com”;__ _
_}_
_sainfo anonymous {__ _
_ encryption_algorithm aes;__ _
_ authentication_algorithm hmac_sha1;__ _
_ compression_algorithm deflate;__ _
_}_
psk.txt
_test at test.com password_
and this is my strongswan config
ipsec.conf
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
conn test
keyexchange=ikev1
nat_traversal=yes
left=x.x.x.x
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140919/fda17199/attachment.html>
More information about the Users
mailing list